• RIP and OSPF protocols use the tunnel interface name as the next hop for the routes
learnt over this tunnel interface.
• Locally generated packets that go through the tunnel interface carry the tunnel IP address as
the source address before IP-IP encapsulation.
With Dynamic VPN, the firewall configuration is similar to the static VPN firewall configuration. For
details, see Troubleshooting Static VPN Peer to Peer on page 213.
Procedure steps
1. To display the tunnel configuration, enter:
show interface tunnel <tunnel-name>
Verify the source address and the destination address, and verify that the crypto type is untrusted.
2. To display the IKE policy details, enter:
show crypto ike policy all detail
Verify the local address, the peer address, the local identity and the remote
identity.
3. When the tunnel protection command is applied to a tunnel interface, the command
creates an IKE policy with the following default attributes:
• Encryption algorithm: 3des
• Hash Algorithm: sha1
• Authentication Mode: pre-shared-key
• DH Group: group2
The tunnel protection command also creates an IPsec policy with the following
default attributes:
• Protocol: esp
• Mode: transport
• Encryption Algorithm: 3des
• Hash Algorithm: sha1-hmac
The following is a sample configuration:
interface tunnel toNVR
tunnel protection policy1 avaya123
The auto-created IKE and IPsec policies can be modified and saved to suit the
deployment requirements.
Note:
To interoperate with NVR at HO, the IKE and IPsec proposals have to be
modified. For details, see Secure Router to Avaya VPN router interoperability
tips on page 221.
4. To display the IPsec policy details, enter:
Troubleshooting security
218 Troubleshooting August 2013
Comments? infodev@avaya.com